Full Key Recovery Side-Channel Attack Against Ephemeral SIKE on the Cortex-M4

Genêt, Aymeric; Guertechin, Natacha Linard de; Kaluđerović, Novak

doi:10.1007/978-3-030-89915-8_11

Cited by 9 publications

(3 citation statements)

References 29 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…They measured the energy consumption, and also found whilst benchmarking their implementation that it was around 20% faster than previous implementations. It was found for the Cortex-M4 implementation of SIKE based on the reference implementation that a full recovery of keys was possible with a side-channel attack [41]. This brings to the fore the importance of implementation-specific security testing.…”

Section: Other Postquantum Testingmentioning

confidence: 99%

Post-Quantum Authentication in the MQTT Protocol

Samandari,

Gritti

2023

JCP

View full text Add to dashboard Cite

Message Queue Telemetry Transport (MQTT) is a common communication protocol used in the Internet of Things (IoT). MQTT is a simple, lightweight messaging protocol used to establish communication between multiple devices relying on the publish–subscribe model. However, the protocol does not provide authentication, and most proposals to incorporate it lose their lightweight feature and do not consider the future risk of quantum attacks. IoT devices are generally resource-constrained, and postquantum cryptography is often more computationally resource-intensive compared to current cryptographic standards, adding to the complexity of the transition. In this paper, we use the postquantum digital signature scheme CRYSTALS-Dilithium to provide authentication for MQTT and determine what the CPU, memory and disk usage are when doing so. We further investigate another possibility to provide authentication when using MQTT, namely a key encapsulation mechanism (KEM) trick proposed in 2020 for transport level security (TLS). Such a trick is claimed to save up to 90% in CPU cycles. We use the postquantum KEM scheme CRYSTALS-KYBER and compare the resulting CPU, memory and disk usages with traditional authentication. We found that the use of KEM for authentication resulted in a speed increase of 25 ms, a saving of 71%. There were some extra costs for memory but this is minimal enough to be acceptable for most IoT devices.

show abstract

Section: Other Postquantum Testingmentioning

confidence: 99%

Post-Quantum Authentication in the MQTT Protocol

Samandari,

Gritti

2023

JCP

View full text Add to dashboard Cite

show abstract

“…The zero-value threat was also hinted at in [GLK21], however the authors similarly conclude that such attacks would be blocked by partial ciphertext validation and do not explore the matter further. Thus, despite a general awareness of the possibility of zero-value attacks prior to this work, no one had ever demonstrated such an attack on SIDH or SIKE.…”

Section: Related Workmentioning

confidence: 99%

SIKE Channels

Feo

Mrabet

Genêt

et al. 2022

TCHES

View full text Add to dashboard Cite

We present new side-channel attacks on SIKE, the isogeny-based candidate in the NIST PQC competition. Previous works had shown that SIKE is vulnerable to differential power analysis, and pointed to coordinate randomization as an effective countermeasure. We show that coordinate randomization alone is not sufficient, because SIKE is vulnerable to a class of attacks similar to refined power analysis in elliptic curve cryptography, named zero-value attacks. We describe and confirm in the lab two such attacks leading to full key recovery, and analyze their countermeasures.

show abstract

“…Recently, there have been further advances in side-channel attacks (and protection) against implementations of SIDH. The reader is referred to [1,17,28,43] for more information.…”

Section: Fault Attacksmentioning

confidence: 99%

Torsion point attacks on ‘SIDH‐like’ cryptosystems

Kutas

Petit

2022

IET Information Security

View full text Add to dashboard Cite

Isogeny-based cryptography is a promising approach for postquantum cryptography. The best-known protocol following that approach is the supersingular isogeny Diffie-Hellman protocol (SIDH); this protocol was turned into the CCA-secure key encapsulation mechanism SIKE, which was submitted to and remains in the third round of NIST's post-quantum standardization process as an "alternate" candidate. Isogeny-based cryptography generally relies on the conjectured hardness of computing an isogeny between two isogenous elliptic curves, and most cryptanalytic work referenced on SIKE's webpage exclusively focuses on that problem. Interestingly, the hardness of this problem is sufficient for neither SIDH nor SIKE. In particular, these protocols reveal additional information on the secret isogeny, in the form of images of specific torsion points through the isogeny. This paper surveys existing cryptanalysis approaches exploiting this often called "torsion point information", summarizes their current impact on SIKE and related algorithms, and suggests some research directions that might lead to further impact.

show abstract

Full Key Recovery Side-Channel Attack Against Ephemeral SIKE on the Cortex-M4

Cited by 9 publications

References 29 publications

Post-Quantum Authentication in the MQTT Protocol

Post-Quantum Authentication in the MQTT Protocol

SIKE Channels

Torsion point attacks on ‘SIDH‐like’ cryptosystems

Contact Info

Product

Resources

About